EIP-2026-106175

PRE-CVE

CoSoSys Endpoint Protector 4.5.0.1 - (Authenticated) Remote Root Command Injection

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-106175. PoCs published by 0x09AL.

AI-analyzed exploit summary This exploit demonstrates an authenticated remote command injection vulnerability in CoSoSys Endpoint Protector. It leverages the NTP Server field in the Appliance Tab to execute arbitrary commands via a reverse shell payload.

Description

CoSoSys Endpoint Protector 4.5.0.1 - (Authenticated) Remote Root Command Injection

Exploits (1)

exploitdb WORKING POC

by 0x09AL · pythonwebappsphp

https://www.exploit-db.com/exploits/45131

View Code ZIP pw:eip

This exploit demonstrates an authenticated remote command injection vulnerability in CoSoSys Endpoint Protector. It leverages the NTP Server field in the Appliance Tab to execute arbitrary commands via a reverse shell payload.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: CoSoSys Endpoint Protector <= 4.5.0.1

Auth required

Prerequisites: Valid credentials (default: root:epp2011) · Network access to the target · Reverse shell listener setup

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026